kyverno icon indicating copy to clipboard operation
kyverno copied to clipboard

Published 20 hours ago verified publisher icon kyverno

Support apiCalls in the CLI when `--cluster` is used

Open JimBugwadia opened this issue 3 years ago • 11 comments

Is your feature request related to a problem? Please describe.

Currently the CLI expects the user to supply variables, including ones from API calls. This makes sense when the CLI is used without cluster access. However, when the CLI is used with a cluster the API calls should be performed against the cluster.

Describe the solution you'd like

When the --cluster option is used, API calls should be resolved without requiring the user to provide variable values.

Describe alternatives you've considered

Additional context

Slack discussion: https://kubernetes.slack.com/archives/CLGR9BJU9/p1638383189095100?thread_ts=1638368072.089700&cid=CLGR9BJU9

JimBugwadia avatar Dec 01 '21 18:12 JimBugwadia

@JimBugwadia Interesting issue, has it been assigned to anyone yet? if not I would like to work on it. Please what is the CLI command for API calls in kyverno kyverno apply {apiURL} ...... ?

adeniyistephen avatar Dec 10 '21 20:12 adeniyistephen

@zeborg - are you working on this issue?

realshuting avatar Dec 13 '21 13:12 realshuting

@zeborg - are you working on this issue?

@realshuting Not yet, other contributors are free to pick it up.

zeborg avatar Dec 13 '21 13:12 zeborg

@adeniyistephen - I assigned the issue!

Please what is the CLI command for API calls in kyverno kyverno apply {apiURL} ...... ?

Yes, both test and apply commands need to support this. You can find the CLI implementation in this package.

Let us know if you want to discuss the design / proposal, thanks!

realshuting avatar Dec 13 '21 15:12 realshuting

@adeniyistephen - are you still interested in picking this up?

realshuting avatar Jan 13 '22 12:01 realshuting

@adeniyistephen - are you still interested in picking this up?

Yes, I have been busy. But other contributors are free to pick it up.

adeniyistephen avatar Jan 14 '22 22:01 adeniyistephen

I can take this up! @JimBugwadia @realshuting

tend2infinity avatar Apr 11 '22 06:04 tend2infinity

Thanks @tend2infinity!

JimBugwadia avatar Apr 11 '22 07:04 JimBugwadia

Hey @JimBugwadia I was actually going through the codebase and I realized that in the ApplyPolicyOnResource function, we don't have any method to get variables from Api calls, we get variables as an argument of this function which is definitely a map. So, How should I actually approach this issue? Should I create a new method inside applyCommandHelper function that will allow us to get variables using API calls. Also do we have a reusable piece of relevant code for implementing API support, actually I couldn't find it :sweat_smile:

tend2infinity avatar Apr 18 '22 08:04 tend2infinity

Just ran into this as an issue while testing policies using apiCall context against a cluster. Would be great to see this added.

zswanson avatar Jun 21 '22 13:06 zswanson

Hey @tend2infinity are you still working on this ?, as I'm currently exploring CLI section and interested in this issue .

chetak123 avatar Aug 28 '22 08:08 chetak123